Blog

Zero-Day Attacks: The More Things Change, the More they Stay the Same

By BUFFERZONE Team, 14/11/2016

Share

Nineteenth century French novelist Jean-Baptise Alphonse Karr is credited with coining the phrase “the more things change, the more they stay the same”. While this astute observation still applies to a variety of modern scenarios, one of the most frequent — and also among the most unwelcome — expressions relates to what is now a permanent fixture on the cyber threat landscape: zero-day attacks.

Ironically, perhaps the most dangerous feature of zero-day attacks is that they have been around for so long and inflicted so much damage, that they have in a sense become part of the everyday background noise. For example, a well-crafted Dark Reading article cautions enterprises that zero-day attacks will not go away; on the contrary, they will increase as more malware writers monetize their attacks. The problem with this article? It was published in early 2006!

Back to the Future

Yet here we are more than a decade later, and the story is fundamentally the same. Indeed, as reported by Brian Krebs on November 8 while the world was busy watching the U.S. Election results unfold, Microsoft and Adobe were busy publishing 14 patch bundles that closed up 68 unique security flaws in Windows. And in October, Adobe patched up 81 zero-day vulnerabilities in Acrobat, Reader and Flash, which was more than double the 38 patches issued in July, but less than the 93 patches issues in May.

Of course, there is no need to single out Adobe. Examples of recent zero-day exploits are easy to find:

This is just a quick glimpse of a list that could be several pages long. Suffice it to say, a headline announcing yet another zero-day exploit or attack has become commonplace. Just as organizations that go through many shifts in a relatively short period of time can experience what HR experts call “Change Fatigue”, some InfoSec professionals may be suffering from a case of “Zero-Day Exploit Fatigue”.

Zero Day Attacks are Here to Stay

Despite this exhaustion, organizations cannot afford to lower their guard against the endless onslaught of zero-day attacks; because as we all know, they are never going to completely go away. Yes, organizations can get rid of Flash and Java, or they can spend even more money on end user training (which, by the way, Vanderbilt University’s Eric Johnson claims is typically not a wise investment). But while these steps can mitigate the problem, they cannot eliminate the threat. And that is where BUFFERZONE fills the gap.

The BUFFERZONE Solution

BUFFERZONE enables end users to browse the web, launch various Internet-facing applications (e.g. email, Skype, etc.), and open files and apps from mobile devices while remaining safe inside a virtual container. If malware triggered by malvertising, drive-by-download, or any other vector tries to take advantage of a zero-day exploit, it is captured inside the container and cannot transfer to the endpoint. Security teams can then wipe the container remotely or locally, patch up the hole across the organization, and ultimately keep their data and reputations safe.

The Bottom Line

Cyber criminals are more dangerous now than they were a decade ago (but not as dangerous as they will be a decade from now). But with all that has changed on the cyber threat landscape, when it comes to zero-day exploits, Karr was right: the more things change, the more they stay the same. As such, it is not a question of whether the next zero-day attack will occur, but it is a matter of when.

Naturally, organizations do not have a crystal ball or a time machine. But they can, should, and arguably must proactively reduce their exposure. Adding a virtual container solution to their overall threat defense system and strategy is clearly a step in the right direction.